Specification for DNS over Transport Layer Security (TLS)

نویسندگان

  • Zi Hu
  • Liang Zhu
  • John S. Heidemann
  • Allison Mankin
  • Duane Wessels
  • Paul E. Hoffman
چکیده

This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS. This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE)

Many current applications use the certificate-based authentication features in Transport Layer Security (TLS) to allow clients to verify that a connected server properly represents a desired domain name. Typically, this authentication has been based on PKIX certificate chains rooted in well-known certificate authorities (CAs), but additional information can be provided via the DNS itself. This ...

متن کامل

RFC 5923 SIP Connection

This document enables a pair of communicating proxies to reuse a congestion-controlled connection between themselves for sending requests in the forwards and backwards direction. Because the connection is essentially aliased for requests going in the backwards direction, reuse is predicated upon both the communicating endpoints authenticating themselves using X.509 certificates through Transpor...

متن کامل

T-DNS: Connection-Oriented DNS to Improve Privacy and Security

This paper explores connection-oriented DNS to improve DNS security and privacy. DNS is the canonical example of a connectionless, single packet, request/response protocol, with UDP as its dominant transport. Yet DNS today is challenged by eavesdropping that compromises privacy, sourceaddress spoofing that results in denial-of-service (DoS) attacks on the server and third parties, injection att...

متن کامل

Safe Configuration of TLS Connections Beyond Default Settings

Transport Layer Security (TLS) and its precursor Secure Sockets Layer (SSL) are the most widely deployed protocol to establish secure communication over insecure Internet Protocol (IP) networks. Providing a secure session layer on top of TCP, TLS is frequently the first defense layer encountered by adversaries who try to cause loss of confidentiality by sniffing live traffic or loss of integrit...

متن کامل

Secure Real-Time Communication for Tele-Immersion Systems Satisfying The Need For Secure Communication With Datagram Transport Layer Security

Real-time communication is often used in teleimmersion systems. The nature of this real-time information transmitted is often health industry related so it is imperative that security must be insured. Therefore, a need for establishing secure communication channels must be facilitated under realtime constraints. A widely used family of secure protocols to assure this is Transport Layer Security...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • RFC

دوره 7858  شماره 

صفحات  -

تاریخ انتشار 2016